Method and apparatus for resilient decoy routing without conspiring autonomous systems (as) via distributed hash table (dht) routing

ABSTRACT

A Method and apparatus for resilient Decoy Routing without conspiring Autonomous Systems by instead using a DHT routing table is described. In one embodiment of the present invention, there would exist a set of Decoy Routing Nodes which would be connected via a DHT&#39;s routing table. This would enable decoy routing nodes to not depend on a predefined list. Traditionally, Decoy Routing depends upon either a pre-configured list of computer systems to connect to or is wholly dependent upon BGP to happen to route to friendly Autonomous Systems that understand the true intent of the packet being routed. This method and apparatus solves these problems by providing a means to use a dynamic routing table, provided by a DHT to ensure that a packet can be delivered to computer systems that understand how to do decoy routing. This approach further ensures that the routing table being used is one that is kept up to date automatically as a function of the DHT providing the routing table. Further, the methodology described ensures that evading censorship, defending against TCP replay attacks, latency analysis, website fingerprinting, and denial of service (DoS) attacks are successfully executed.

CROSS-REFERENCE TO RELATED CASES

This application claims the benefit of provisional U.S. Patent Application No. 62/841,456, filed May 1, 2019, titled “METHOD AND APPARATUS FOR RESILIENT DECOY ROUTING WITHOUT CONSPIRING AUTONOMOUS SYSTEMS (AS) VIA DISTRIBUTED HASH TABLE (DHT) ROUTING”; and is a continuation of and claims priority to U.S. patent application Ser. No. 16/865,155, filed May 1, 2020, which issued Apr. 5, 2022 as U.S. Pat. No. 11,297,104. The entire contents of the above-referenced applications and of all priority documents referenced in the Application Data Sheet filed herewith are hereby incorporated by reference for all purposes.

FIELD OF THE INVENTION

This invention relates to computer networks and, more specifically, to enabling the creation of a computer network capable of evading censorship; defend against TCP replay attacks, latency analysis, website fingerprinting, and denial of service (DoS) attacks by way of a modified decoy routing scheme through the use of a distributed hash table.

BACKGROUND

Since time immemorial, human beings have always sought to protect their privacy from adversarial parties. Today, human beings have many sophisticated technological solutions to safeguard privacy. Such measures include Public-Key Encryption, Elliptic Curve Cryptography, the Distributed Hash Table (DHT), Decoy Routing, and many more solutions. Decoy Routing traditionally relies on a group of Autonomous Systems having the ability to look at an Internet Protocol (IP) Packet (version 4 or version 6) in a non-standard way (Conspiring Autonomous Systems) to route from one Autonomous System to another on the Internet. The aim of Decoy Routing is to allow for an adversarial actor (spy) to see only overt route information and not the actual intended route which is encoded covertly. Presently, Decoy Routing, at the end of the day, still relies upon known servers to connect to. Current Decoy Routing schemes rely on injecting additional routing information into a Transport Layer Security (TLS) Handshake. The injected payload into the TLS Handshake is done using a stenographic encryption methodology. Specifically, the ClientHello, ClientKeyExchange, and Finished components of a TLS 1.2/1.3 Handshake are modified to contain additional covert information. TLS 1.2/1.3 is defined by RFC5246 and RFC8446. Traditionally, Border Gateway Protocol (BGP) has been used to route between Autonomous Systems. BGP is defined by RFC 4271. The Internet is a Network of Networks. Autonomous Systems are how the Internet organizes these networks. In effect, the Internet is actually a Network of Autonomous Systems. Inside each Autonomous System exists one or more networks. An Internet Service Provider (ISP) for example is at the highest level one such example of an Autonomous System. However, Autonomous Systems are not necessarily Internet Service Providers. A large corporation or a university might be assigned an Autonomous System Number (ASN) by a Regional Internet Registry (RIR) under the authority of the Internet Assigned Numbers Authority (IANA).

Further, Distributed Hash Tables (DHTs) have enabled a revolution in distributed systems architecture. DHTs have made possible such applications as peer-to-peer (P2P) file sharing, P2P file storage, and P2P communications platforms. Distributed Hash Tables all generally comprise the following components: a Keyspace, a Keyspace Partitioning Scheme (KPS), and an Overlay Network. A Keyspace is also known as the Key Value Pair (KVP). The KVP is a scheme by which the data (the value) can be referenced quickly by the Key (which is a hash, using a standard Hashing Algorithm, of the aforementioned data being stored). The KPS describes how the Keyspace is organized across one or more computing systems. An Overlay Network is simply a network that is built on top of another network. One important property of a DHT is its ability to route between Nodes to access the entire Keyspace across many Nodes. A Node simply being a computer system which is participating in a DHT and providing space to host, in general, part of a DHT's Keyspace. While the KPS defines how the Keyspace is partitioned, a DHT must also have a routing scheme as part of the KPS.

BRIEF DESCRIPTION OF THE DRAWINGS

An exemplary embodiment of the present invention is described herein with reference to the drawings, in which:

FIG. 1 shows an embodiment in which a client (Mobile Phone or Computer) is using a Decoy Routing scheme via a DHT Routing Table in a simple scenario (all DHT nodes residing inside a single Autonomous System).

FIG. 2 shows a diagram detailing how a TLS session lifecycle using the architecture described in FIG. 1.

FIG. 3 shows and embodiment in which a client (Mobile Phone or Computer) is using a Decoying routing scheme via a DHT Routing Table which resides inside a collection of separate Autonomous Systems; also a censor is unable to block the traffic.

SUMMARY OF INVENTION

In one embodiment of the present invention, there exists a set of Decoy Routing Nodes which would be connected via a DHT Routing Table which would enable Decoy Routing Nodes to not depend on a manually created list.

Embodiments may provide a mechanism for the Decoy Routing to ensure that the connection list is always up to date by way of a DHT Routing which would drop dead connections and add new connections automatically to the DHT Routing table.

Embodiments may provide a mechanism whereby a server client model is established and the DHT Data lives in a collection of centralized databases, be they relational databases or non-relational databases.

DETAILED DESCRIPTION

Embodiments of a decentralized Decoy Routing System that do not depend on conspiring Autonomous Systems to route traffic in a covert manner are represented in FIG. 1 and FIG. 3. FIG. 2 explores the modified TLS handshake needed to successfully execute decoy routing which ensures that the IP Packet being emitted by a computer system is successful in evading censorship, ensures that a computer system intending to send an IP Packet is unable to be replayed in a Transmission Control Protocol (TCP) replay attack, ensures a computer system emitting an IP Packet cannot be used in a latency analysis, ensures a computer system emitting an IP Packet does not convey website fingerprinting, and ensures a computer system emitting an IP Packet can successfully thwart a denial of service (DoS) attack.

FIG. 1 presents a simple embodiment of a Decoy Routing System that does not depend on conspiring Autonomous Systems, and uses a DHT Routing Table to route an IP Packet. In this embodiment, we see 11 a client computer system sending an IP Packet to 14 a DHT Node. This IP Packet's arrow is colored red to indicate that the IP Packet appears to be routing towards the Overt Route 24 by way of 14, 15, 16, 17, 23, and finally to 24. The Overt Route 24 is a destination in the Internet that the client computer system does not care to actually establish a network connection, but would be safe to connect to in the event that a censoring agent were to monitor the network connection. The Covert Route 26 is the route the client computer system is actually intending to establish a network connection with. The Internet is represented by 13. FIG. 1 is an embodiment of the Decoy Routing and DHT Routing Table without respect to the Autonomous Systems that the DHT resides in. FIG. 3 addresses a multi Autonomous Systems embodiment of the resilient Decoy Routing without conspiring Autonomous Systems by instead using a DHT Routing Table method and apparatus. FIG. 1, 22, 14, 15, 16, 17, 18, 19, 20 represent Nodes in a DHT. The routing table is represented by the arrows between these elements.

FIG. 2 is an embodiment of the Decoy Routing System that does not depend on conspiring Autonomous Systems and uses a DHT Routing Table to route an IP Packet in which a censoring agent 25 is present and is inspecting 26 an outgoing IP Packet 12 with Overt and Covert routing information. In the FIG. 3 embodiment, the DHT is configured in a manner in which there are nodes in multiple Autonomous Systems, as seen in 28, 29, 30. FIG. 1 and FIG. 3 both demonstrate an Overt Route 12, 14, 15, 16, 17, 23, 24 as well as a Covert Route 12, 14, 15, 16, 19, 25 and the Covert Route Return 26, 25, 19,14, 27. It should be noted there is no return route for the Overt Route as the client does not actually intend to establish an actual network connection with the Overt Route.

FIG. 2 is an embodiment of a modified TLS handshake which encodes the mechanism by which the Decoy Routing operates. The specific modifications detailed in FIG. 2 enable claims 2, 3, 4, 5, 6. FIG. 2 demonstrates the following scenario, a client computer system 19 sends a SYN to 20 a DHT Node. The DHT Node 20 acknowledges 11 the SYN, Client computer ACK 12 the SYN previously sent, Client 19 sends a Modified ClientHello 14 to DHT Node 20. This modified ClientHello contains additional hidden information about how to actually route the packets once the handshake is established. After the DHT Node 20 sends a ServerHello 13 back to client 19, the Client 19 sends a Modified ClientKeyExchange with additional payload to DHT Node 20. DHT node 20 sends a normal ClientKeyExchange 15 back to Client 19. Client 19 sends a normal Finished to DHT Node 20. DHT Node 20 sends a modified Finished with payload back to Client 19. By sending this modified Finished, the client has acknowledgement that the Decoy Routing is activated. Normal data transfer can now begin. If a censor attempts to inspect this handshake, the censor will see a payload that is encrypted and XORed with the normal ClientHello and appended to ClientHello. It will appear to be random corruption or excess padding in the IP Packet.

The processes described herein, as well as any other aspects of the disclosure, may each be implemented by software, but may also be implemented in hardware, firmware, or any combination of software, hardware, and firmware. Instructions for performing these processes may also be embodied as machine- or computer-readable code recorded on a machine- or computer-readable medium. In some embodiments, the computer-readable medium may be a non-transitory computer-readable medium. Examples of such a non-transitory computer-readable medium include, but are not limited to, a read-only memory, a random-access memory, a flash memory, a CD-ROM, a DVD, a magnetic tape, a removable memory card, and optical data storage devices. In other embodiments, the computer-readable medium may be a transitory computer-readable medium. In such embodiments, the transitory computer-readable medium can be distributed over network-coupled computer systems so that the computer-readable code is stored and executed in a distributed fashion. For example, such a transitory computer-readable medium may be communicated from one electronic device to another electronic device using any suitable communications protocol. Such a transitory computer-readable medium may embody computer-readable code, instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and may include any information delivery media. A modulated data signal may be a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.

While there have been described systems, methods, and computer-readable media for resilient decoy routing without conspiring autonomous systems (AS) via distributed hash table (DHT) routing, it is to be understood that many changes may be made therein without departing from the spirit and scope of the disclosure. Insubstantial changes from the claimed subject matter as viewed by a person with ordinary skill in the art, now known or later devised, are expressly contemplated as being equivalently within the scope of the claims or other language of this disclosure. Therefore, obvious substitutions now or later known to one with ordinary skill in the art are defined to be within the scope of the defined elements.

Therefore, those skilled in the art will appreciate that the concepts of this disclosure can be practiced by other than the described embodiments, which are presented for purposes of illustration rather than of limitation. 

What is claimed is:
 1. A method and apparatus for a computer system to connect to another computer system using a procedure which obscures the actual intended routing path from a third-party observer and is able to ensure routing by always having an accurate routing table which is provided for by way of a DHT.
 2. The method of claim 1, wherein a computer system to connect to another computer system also ensures that the IP Packet being emitted by a computer system is successful in evading censorship.
 3. The method of claim 1, wherein a computer system to connect to another computer system also ensures that a computer system intending to send an IP Packet is unable to be replayed in a Transmission Control Protocol (TCP) replay attack.
 4. The method of claim 1, wherein a computer system to connect to another computer system also ensures a computer system emitting an IP Packet cannot be used in a latency analysis.
 5. The method of claim 1, wherein a computer system to connect to another computer system also ensures a computer system emitting an IP Packet does not convey website fingerprinting.
 6. The method of claim 1, wherein a computer system to connect to another computer system also ensures a computer system emitting an IP Packet can successfully thwart a denial of service (DoS) attack. 